package com.zh.filter;

import com.zh.constant.ShiroContants;
import com.zh.exception.TokenException;
import com.zh.utils.JwtToken;
import com.zh.utils.JwtUtil;
import com.zh.utils.ShiroUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @Description: 鉴权登录拦截
 * @ClassName AuthFilter
 * @date: 2021.04.19 14:10
 * @Author: zhanghang
 */
@Slf4j
public class AuthFilter extends BasicHttpAuthenticationFilter {

    /**
     * 执行登录认证
     *
     * @param request
     * @param response
     * @param mappedValue
     * @return
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        try {
            return executeLogin(request, response);
        } catch (Exception e) {

            throw new TokenException(401,"Token失效，请重新登录",e);
        }
    }

    /**
     *
     */
    @Override
    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String token = httpServletRequest.getHeader("X-Access-Token");
        JwtToken jwtToken = new JwtToken(token);
        // 提交给realm进行登入，如果错误他会抛出异常并被捕获
        Subject subject = getSubject(request, response);
        subject.login(jwtToken);
        // 如果没有抛出异常则代表登入成功，返回true
        //刷新缓存的token时间
        ShiroUtil.setRedisToken(token, JwtUtil.getUsername(token));
        return true;
    }

    /**
     * 对跨域提供支持
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        httpServletResponse.setHeader(ShiroContants.ACCESS_CONTROL_ALLOW_ORIGIN, httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader(ShiroContants.ACCESS_CONTROL_ALLOW_METHODS, ShiroContants.ACCESS_MOTHEDS);
        httpServletResponse.setHeader(ShiroContants.ACCESS_CONTROL_ALLOW_HEADERS, httpServletRequest.getHeader(ShiroContants.ACCESS_CONTROL_REQUEST_HEADERS));
        // 跨域时会首先发送一个option请求，这里我们给option请求直接返回正常状态
        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            httpServletResponse.setStatus(HttpStatus.OK.value());
            return false;
        }
        try {
            return super.preHandle(request, response);
        } catch (Exception e) {
            if(e instanceof TokenException && ((TokenException)e).code == 401){
                // token失效
                httpServletResponse.setStatus(401);
                return false;
            }else{
                // 异常
                throw new RuntimeException(e);
            }
        }
    }
}
